I am planning an upgrade from Exchange 2003 to Exchange 2010. I’m presently using Windows Certificate Services and I have a self-signed cert, which I’d like to do away with in favor of a third-party SAN certificate.
I will be using a single Exchange 2010 server, with CAS, Mailbox and Hub Transport roles. Also, I am using a Forefront TMG 2010 firewall, which will need the new certificate installed for communication between it and Exchange.
Externally, I have three mail domains, which I use for POP3 and OWA (and would also like to use for Outlook Anywhere). I assume these three get included in the SAN list.
Mail.CompanyA.com
Mail.CompanyB.com
Mail.CompanyC.com
I also assume autodiscovers for each of these should be included too:
Autodiscover.CompanyA.com
Autodiscover.CompanyB.com
Autodiscover.CompanyC.com
Old mail server:
Legacy.company.com (presently I’m only using one URL for all three companies)
My confusion comes with regard to the internal name of the mail server. Its FQDN in Active Directory is in a different domain from the above:
Server1.Parentcompany.com
What do I need in the SAN list for this?
Lastly, do I need to include anything in the SAN list for the TMG Firewall?
TMG1.Parentcompany.com
At the end of the day, I want internal clients in the AD domain as well as external clients (either via POP3 or MAPI/RPC) to connect securely without certificate errors, using Outlook and OWA.
Thanks!
MCITP Enterprise Admin/Server Admin, MCSE NT, 2000, 2003